HDFS-10276. HDFS should not expose path info that user has no permission to see. (Yuanbo Liu via Yongjun Zhang)

This commit is contained in:
Yongjun Zhang 2016-05-27 10:02:02 -07:00
parent e4022debf7
commit 5ea6fd85c7
2 changed files with 26 additions and 11 deletions

View File

@ -196,9 +196,9 @@ void checkPermission(INodesInPath inodesInPath, boolean doCheckOwner,
* Check whether exception e is due to an ancestor inode's not being
* directory.
*/
private void checkAncestorType(INode[] inodes, int ancestorIndex,
private void checkAncestorType(INode[] inodes, int checkedAncestorIndex,
AccessControlException e) throws AccessControlException {
for (int i = 0; i <= ancestorIndex; i++) {
for (int i = 0; i <= checkedAncestorIndex; i++) {
if (inodes[i] == null) {
break;
}
@ -221,11 +221,8 @@ public void checkPermission(String fsOwner, String supergroup,
throws AccessControlException {
for(; ancestorIndex >= 0 && inodes[ancestorIndex] == null;
ancestorIndex--);
try {
checkTraverse(inodeAttrs, path, ancestorIndex);
} catch (AccessControlException e) {
checkAncestorType(inodes, ancestorIndex, e);
}
checkTraverse(inodeAttrs, inodes, path, ancestorIndex);
final INodeAttributes last = inodeAttrs[inodeAttrs.length - 1];
if (parentAccess != null && parentAccess.implies(FsAction.WRITE)
@ -276,10 +273,15 @@ private void checkOwner(INodeAttributes inode
}
/** Guarded by {@link FSNamesystem#readLock()} */
private void checkTraverse(INodeAttributes[] inodes, String path, int last
) throws AccessControlException {
for(int j = 0; j <= last; j++) {
check(inodes[j], path, FsAction.EXECUTE);
private void checkTraverse(INodeAttributes[] inodeAttrs, INode[] inodes,
String path, int last) throws AccessControlException {
int j = 0;
try {
for (; j <= last; j++) {
check(inodeAttrs[j], path, FsAction.EXECUTE);
}
} catch (AccessControlException e) {
checkAncestorType(inodes, j, e);
}
}

View File

@ -560,6 +560,19 @@ public FileSystem run() throws Exception {
+ "a directory, when checked on /existing_file/non_existing_name",
e.getMessage().contains("is not a directory"));
}
rootFs.setPermission(p4, new FsPermission("600"));
try {
fs.exists(nfpath);
fail("The exists call should have failed.");
} catch (AccessControlException e) {
assertTrue("Permission denied messages must carry file path",
e.getMessage().contains(fpath.getName()));
assertFalse("Permission denied messages should not specify existing_file"
+ " is not a directory, since the user does not have permission"
+ " on /p4",
e.getMessage().contains("is not a directory"));
}
}
/* Check if namenode performs permission checking correctly